|
1 | 1 | # reflex-okta-auth |
2 | 2 |
|
| 3 | +> **This repository is archived.** Use the OIDC support built into the |
| 4 | +> `reflex-enterprise` package instead. |
| 5 | +> |
| 6 | +> Notably, this package stores tokens in `LocalStorage`, which is readable by |
| 7 | +> any script running on the page (e.g. via XSS). The `reflex-enterprise` OIDC |
| 8 | +> state stores tokens in HttpOnly, `Secure`, `SameSite=Strict` cookies, and |
| 9 | +> additionally provides refresh tokens with cross-tab sync, nonce / `at_hash` |
| 10 | +> validation, and granted-scope tracking. Functionally, anything this package |
| 11 | +> does is also covered there. |
| 12 | +> |
| 13 | +> ### Migrating |
| 14 | +> |
| 15 | +> Subclass `OIDCAuthState` with `__provider__ = "okta"` — the same |
| 16 | +> `OKTA_CLIENT_ID`, `OKTA_CLIENT_SECRET`, and `OKTA_ISSUER_URI` env vars are |
| 17 | +> picked up automatically (config lookup is `{PROVIDER}_*`): |
| 18 | +> |
| 19 | +> ```python |
| 20 | +> import reflex as rx |
| 21 | +> from reflex_enterprise.auth.oidc.state import OIDCAuthState |
| 22 | +> |
| 23 | +> class OktaAuthState(OIDCAuthState, rx.State): |
| 24 | +> __provider__ = "okta" |
| 25 | +> ``` |
| 26 | +> |
| 27 | +> Render the login button — endpoints are registered automatically on first |
| 28 | +> use, so no explicit `register_auth_endpoints(app)` call is needed: |
| 29 | +> |
| 30 | +> ```python |
| 31 | +> OktaAuthState.get_login_button("Log In with Okta") |
| 32 | +> ``` |
| 33 | +> |
| 34 | +> Logout (`redirect_to_logout`) and `userinfo` keep the same names and shape. |
| 35 | +
|
| 36 | +--- |
| 37 | +
|
| 38 | +## Legacy usage (deprecated) |
| 39 | +
|
3 | 40 | This package requires the `reflex_enterprise` package to be installed. |
4 | 41 |
|
5 | 42 | ## Installation |
|
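Review bot: The "Migrating" section (new README lines 13-34) covers the state subclass, the login button and logout, but says nothing about the tokens this package has already written to `LocalStorage`, which the notice at lines 6-7 describes as readable by any script running on the page. Those entries remain in users' browsers after an app switches to `OIDCAuthState`, so add a step telling maintainers to clear the legacy keys on first load after migrating, or state explicitly that the new state does this if that is the case. Separately, `## Legacy usage (deprecated)` at line 38 is followed by `## Installation` at the same heading level, so the installation section does not read as part of the deprecated material; demote the old headings one level or repeat the deprecation under each. Minor: `HttpOnly` on line 8 is the only cookie attribute not in backticks.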